The Week in Ransomware - October 19th 2018 - GandCrab, Birbware, and More

It has been another slow week, with mostly new variants of existing ransomware being released. The biggest news is that the GandCrab Ransomware developers have decided to release the decryption keys for Syrian victims. Unfortunately, there is no decryptor available that will work with all versions of the keys that were released, so victims will have to wait for an AV company to release a working decryptor.

MalwareHunterTeam discovered a new ransomware called Birbware that adds the .birbb extension to encrypted files and states that you can get a free decryption key by contacting the developer on Discord.

Lawrence Abrams is the creator and owner of BleepingComputer.com. Lawrence's area of expertise includes malware removal and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.

This is not the first time malware authors have released keys for a prevalent ransomware family (or its variants), allowing cybersecurity companies to create decryptors. Previously, ESET has released such tools for TeslaCrypt, several variants of Crysis, as well as for earlier variants of the AESNI ransomware.